Assign an existing User-Assigned Managed Identity to VM from another subscription using Azure Policy
Azure provides a comprehensive list of built-in policy definitions (grouped by the category property defined in the metadata) which are owned and maintained by Microsoft (where the azure-policy repository contains the direct representation of these).
Built-in policy definitions usually cover a specific scenario although some flexibility might be provided through parameters that can be configured. However, customers might have specific needs not covered by an available built-in policy definition and a custom policy definition might be needed.
As a rule of thumb, if there is a built-in policy definition that covers part of a scenario, a custom policy definition can be created based on it introducing the necessary modifications.
Let’s take into consideration the [Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines built-in policy definition that creates and assigns a built-in user-assigned managed identity or assigns a pre-created user-assigned managed identity at scale to virtual machines. This currently provides the user-assigned managed identity name and resource group name as parameters expecting that it is on the same subscription as the virtual machine resource. However, in a scenario where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource, a custom policy definition is required.
Before creating a custom policy, it is worth checking both the Azure Policy Samples as well as the Community Policy Repository to see whether a policy definition that matches your needs already exists. Coming back to the user-assigned managed identity assignment to virtual machines where the pre-created user-assigned managed identity exists in a different subscription from the virtual machine resource scenario, a custom policy definition is available here where the user assigned managed identity resource URI (which contains the subscription ID) is provided as a parameter.
Published on:
Learn moreRelated posts
Using the Secret Management PowerShell Module with Azure Key Vault and Azure Automation
Automation account credential resources are the easiest way to manage credentials for Azure Automation runbooks. The Secret Management module ...
Microsoft Azure Fundamentals #4: Azure Service Bus Topics and Subscriptions for multi-system CRM workflows in Microsoft Dataverse / Dynamics 365
🚀 1. Scenario Overview In modern enterprise environments, a single business event in Microsoft Dataverse (CRM) can trigger workflows across m...
Easily connect AI workloads to Azure Blob Storage with adlfs
Microsoft works with the fsspec open-source community to enhance adlfs. This update delivers faster file operations and improved reliability f...
Microsoft Azure Fundamentals #3: Maximizing Event-Driven Architecture in Microsoft Power Platform
🧩 1. Overview Event-driven architecture (EDA) transforms how systems communicate.Instead of traditional request–response or batch integration...
Azure Developer CLI (azd) – October 2025
This post announces the October release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) – October 2025 appeared f...
Microsoft Azure Fundamentals #2: Designing Real-Time Bi-Directional Sync Between Dataverse and Azure SQL for Multi-Region Deployments
Here’s a detailed technical breakdown of designing a real-time bi-directional sync between Dataverse and Azure SQL for multi-region deployment...
Azure DevOps local MCP Server is generally available
Today we are excited to take our local MCP Server for Azure DevOps out of preview 🥳. Since the initial preview announcement, we’ve work...
Announcing the new Azure DevOps Server RC Release
We’re excited to announce the release candidate (RC) of Azure DevOps Server, bringing new features previously available in our hosted version....
How to Integrate Azure Service Bus with Microsoft Dynamics 365 CRM Step by Step with Example?
Keeping data flowing between applications is critical in today’s connected business world. Organizations using Microsoft Dynamics 365 CR...